Techniques are disclosed for usage-tracking of various information security (InfoSec) entities for tenants/organization onboarded on an instant multi-tenant security assurance platform. The InfoSec entities include policies, procedures, controls and evidence tasks. A policy or procedure is enforced by implementing one or more controls, and the collection of one or more evidence tasks proves/verifies the implementation of a control. The InfoSec entities are linked to each other across the platform and accrue a number of benefits for the tenants. These include efficiently generating a security questionnaire response (SQR), measuring readiness via a readiness project for an audit project, sharing InfoSec entities across the various products of a tenant organization, risk assessment, automatic collection of evidence tasks, among others.
Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A multi-tenant security assurance platform comprising computer-readable instructions stored in a non-transitory storage medium and at least one microprocessor coupled to said storage medium for executing said computer-readable instructions, said multi-tenant security assurance platform further comprising: (a) at least one tenant onboarded onto said multi-tenant security assurance platform; (b) a plurality of information security (InfoSec) entities comprising one or more policies, one or more controls and one or more evidence tasks; (c) an InfoSec Policy Module for maintaining said one or more policies for said at least one tenant in said multi-tenant security assurance platform, said one or more policies enforced by implementing said one or more controls, said implementing verified by collecting said one or more evidence tasks by said multi-tenant security assurance platform; (d) a Readiness Project Module for tracking by a readiness project, a readiness of said at least one tenant for a corresponding audit project tracked by an Audit Project Module of said multi-tenant security assurance platform; wherein said multi-tenant security assurance platform performs usage-tracking of said plurality of InfoSec entities.
A multi-tenant security assurance platform provides a centralized system for managing information security (InfoSec) compliance across multiple organizations (tenants). The platform addresses the challenge of maintaining consistent security policies, controls, and evidence collection across diverse tenants, ensuring compliance with regulatory and industry standards. The system includes a tenant onboarding process to integrate organizations into the platform. It manages a set of InfoSec entities, including policies, controls, and evidence tasks, which define and enforce security requirements. A dedicated InfoSec Policy Module maintains and enforces these policies by implementing controls and verifying compliance through evidence collection. A Readiness Project Module tracks each tenant's preparedness for upcoming audits, while an Audit Project Module manages the audit process itself. The platform also monitors usage of these InfoSec entities to optimize security operations. This approach streamlines compliance management, reduces manual effort, and ensures consistent security practices across multiple tenants.
2. The multi-tenant security assurance platform of claim 1 , wherein at least one of said one or more policies comprises one or more procedures and wherein said implementing is also used to enforce said one or more procedures.
A multi-tenant security assurance platform provides centralized security management for multiple independent organizations sharing a common infrastructure. The platform addresses the challenge of maintaining robust security across diverse tenants while ensuring compliance with varying regulatory and organizational requirements. It includes a policy management system that defines and enforces security policies tailored to each tenant's needs. These policies may include specific procedures, such as access controls, authentication methods, or data encryption protocols. The platform implements these policies to enforce security measures, ensuring consistent protection across all tenants. Additionally, the system may monitor compliance with these policies, detect deviations, and trigger automated remediation actions. By centralizing policy enforcement, the platform reduces administrative overhead and minimizes security risks associated with decentralized management. The solution supports scalability, allowing new tenants to be onboarded with predefined or custom policies without compromising the security posture of existing tenants. This approach enhances security assurance while maintaining operational efficiency in shared environments.
3. The multi-tenant security assurance platform of claim 1 , wherein said one or more policies, said one or more controls and said one or more evidence tasks are linked to each other via a data-model.
A multi-tenant security assurance platform provides a centralized system for managing security policies, controls, and evidence tasks across multiple organizations. The platform addresses the challenge of maintaining consistent security compliance in shared environments by linking policies, controls, and evidence tasks through a structured data model. This model ensures traceability and alignment between security requirements and their implementation, allowing organizations to verify compliance efficiently. The platform supports multiple tenants, enabling different organizations to use the same system while maintaining isolation of their security configurations. Policies define security requirements, controls specify the measures to enforce those requirements, and evidence tasks collect and validate proof of compliance. The data model establishes relationships between these elements, ensuring that changes to one component automatically update related components, reducing manual effort and errors. The platform also provides visibility into compliance status, allowing organizations to monitor and report on their security posture. This approach improves efficiency, reduces compliance gaps, and enhances security assurance in multi-tenant environments.
4. The multi-tenant security assurance platform of claim 3 , wherein said one or more policies, said one or more controls and said one or more evidence tasks are shared across a plurality of products of said tenant.
A multi-tenant security assurance platform provides centralized management of security policies, controls, and evidence tasks across multiple products within a tenant's environment. The platform enables the sharing of these security elements across different products, ensuring consistent security posture and compliance across the tenant's entire infrastructure. This approach reduces redundancy, simplifies administration, and enhances security by standardizing policies and controls. The platform allows tenants to define and enforce security policies, implement controls to mitigate risks, and collect evidence to verify compliance. By sharing these components across products, the platform ensures that security measures are uniformly applied, reducing the risk of gaps or inconsistencies. The system supports multi-tenancy, allowing multiple tenants to use the platform while maintaining isolation between their respective environments. This centralized approach improves efficiency, reduces operational overhead, and ensures that security practices are consistently applied across all products within a tenant's domain. The platform may also include features for monitoring, reporting, and auditing to provide visibility into security compliance and risk management.
5. The multi-tenant security assurance platform of claim 1 , wherein said collecting is performed via one or more integrations installed for said tenant in said multi-tenant security assurance platform.
A multi-tenant security assurance platform verifies that a tenant's controls are implemented by collecting evidence tasks. In this embodiment the collection is performed through one or more integrations installed for the tenant within the platform. The integrations connect the platform to the tenant's own systems, applications, or services and gather the evidence relevant to that tenant's environment, so that evidence collection is automated rather than manual. Because integrations are installed per tenant, the platform adapts to differing configurations and requirements across tenants while keeping each tenant's data isolated from the others. This approach reduces the manual effort of evidence gathering and keeps the verification of controls current.
6. The multi-tenant security assurance platform of claim 1 , wherein one or both of said readiness project and said audit project are used to measure a compliance of said tenant with one or more security frameworks including General Data Protection Regulation (GDPR), System and Organizational Controls (SOC) 2, National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), California Consumer Privacy Act (CCPA), International Organization for Standardization (ISO) 27001, Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standard (PCI DSS).
A multi-tenant security assurance platform evaluates and measures a tenant's compliance with multiple security frameworks, including GDPR, SOC 2, NIST CSF, CCPA, ISO 27001, HIPAA, and PCI DSS. The platform includes readiness and audit projects to assess security posture. Readiness projects help tenants prepare for compliance by identifying gaps and implementing necessary controls, while audit projects verify adherence to regulatory requirements through assessments and reporting. The platform supports multiple tenants, allowing each to track and manage compliance independently while leveraging shared resources. By integrating these projects, the platform provides a unified approach to security assurance, ensuring tenants meet industry standards and regulatory obligations. The system automates compliance tracking, reduces manual effort, and provides actionable insights to improve security practices. This solution addresses the challenge of managing complex, multi-framework compliance requirements across diverse organizations, streamlining the process for both internal teams and external auditors.
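The policy-to-control-to-evidence linkage of claims 1 to 4 and the per-framework readiness measurement of claim 6, as an added worked example. This is constructed for this page, not the patent holder's code; the class names, functions and sample records are assumptions.

```python
"""Toy data model linking policies, controls and evidence tasks, with the
usage-tracking and per-framework readiness the claims describe.  Added
illustration; every identifier and sample record is constructed."""
from dataclasses import dataclass, field
from collections import Counter


@dataclass
class EvidenceTask:
    task_id: str
    description: str
    collected: bool = False          # True once the evidence has been gathered


@dataclass
class Control:
    control_id: str
    description: str
    frameworks: set[str] = field(default_factory=set)   # frameworks prescribing it
    evidence: list[EvidenceTask] = field(default_factory=list)

    def implemented(self) -> bool:
        """A control counts as implemented only when every linked evidence task is collected."""
        return bool(self.evidence) and all(t.collected for t in self.evidence)


@dataclass
class Policy:
    policy_id: str
    title: str
    controls: list[Control] = field(default_factory=list)
    products: set[str] = field(default_factory=set)   # tenant products sharing this policy


def readiness(policies, framework):
    """Fraction (0.0-1.0) of distinct controls mapped to `framework` that are implemented."""
    controls = {c.control_id: c for p in policies for c in p.controls
                if framework in c.frameworks}
    if not controls:
        return 0.0
    done = sum(1 for c in controls.values() if c.implemented())
    return done / len(controls)


def usage(policies):
    """Usage-tracking: how many (policy, product) pairs reference each control."""
    counts = Counter()
    for p in policies:
        for c in p.controls:
            counts[c.control_id] += len(p.products)
    return counts


def gaps(policies, framework):
    """Outstanding evidence tasks for `framework`: the readiness project's to-do list.
    A set is used because a shared control appears under several policies."""
    return sorted({t.task_id for p in policies for c in p.controls
                   if framework in c.frameworks for t in c.evidence if not t.collected})


def sample_tenant():
    """Constructed sample: two policies, three controls, shared across two products."""
    mfa = Control("C-MFA", "MFA on all admin accounts", {"SOC 2", "ISO 27001"},
                  [EvidenceTask("E-1", "IdP MFA policy export", True),
                   EvidenceTask("E-2", "Quarterly admin list review", True)])
    logging_ = Control("C-LOG", "Central audit logging", {"SOC 2", "PCI DSS"},
                       [EvidenceTask("E-3", "Log ingestion screenshot", True),
                        EvidenceTask("E-4", "90-day retention config", False)])
    encrypt = Control("C-ENC", "Encryption at rest", {"PCI DSS"},
                      [EvidenceTask("E-5", "Key management policy", False)])
    access = Policy("P-ACC", "Access Control Policy", [mfa, logging_], {"app", "api"})
    data = Policy("P-DATA", "Data Protection Policy", [logging_, encrypt], {"api"})
    return [access, data]


if __name__ == "__main__":
    tenant = sample_tenant()
    for fw in ("SOC 2", "ISO 27001", "PCI DSS"):
        print(f"{fw}: readiness {readiness(tenant, fw):.0%}, gaps {gaps(tenant, fw)}")
    print("control usage:", dict(usage(tenant)))
```

Because C-LOG is linked from both policies, a single collected evidence task raises readiness for every framework and product that shares the control, which is the benefit the linked data model is meant to deliver.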
7. The multi-tenant security assurance platform of claim 1 , wherein said collecting is performed by an AutoCollect Evidence Task Integration Module of said multi-tenant security assurance platform.
A multi-tenant security assurance platform is designed to provide centralized security monitoring and compliance for multiple organizations sharing the same infrastructure. The platform addresses the challenge of ensuring security and compliance across diverse tenants while maintaining operational efficiency. A key feature of this platform is the automated collection of security evidence, which is performed by an AutoCollect Evidence Task Integration Module. This module systematically gathers security-related data from various sources within the shared infrastructure, including logs, configurations, and audit trails. The collected evidence is then processed and analyzed to identify potential security risks, compliance gaps, or policy violations. The module integrates with existing security tools and systems to streamline evidence collection, reducing manual effort and improving accuracy. By automating this process, the platform ensures continuous monitoring and timely detection of security issues, allowing organizations to maintain robust security postures and meet regulatory requirements. The integration module also supports customization, enabling tenants to define specific evidence collection parameters based on their unique security policies and compliance needs. This approach enhances scalability and adaptability, making the platform suitable for organizations of varying sizes and industries.
8. The multi-tenant security assurance platform of claim 6 , wherein said one or more policies are prescribed in said one or more security frameworks.
The platform maintains policies for each tenant, and in this embodiment the policies themselves are prescribed by the security frameworks against which the tenant's compliance is measured (GDPR, SOC 2, NIST CSF, CCPA, ISO 27001, HIPAA and PCI DSS in claim 6). Rather than authoring policies from scratch, a tenant adopts the policies a framework requires; those policies are enforced by implementing controls and verified by collecting evidence tasks, and the readiness and audit projects then measure compliance against the same framework. Tying policies directly to the frameworks keeps the tenant's policy set aligned with its regulatory obligations and lets the platform report compliance in the terms the frameworks define.
9. The multi-tenant security assurance platform of claim 6 , wherein said one or more controls are prescribed in said one or more security frameworks.
A multi-tenant security assurance platform provides centralized security management for multiple organizations sharing a cloud-based infrastructure. The platform monitors and enforces security policies across tenants to ensure compliance with industry standards and regulatory requirements. A key feature is the ability to apply security controls derived from one or more security frameworks, such as NIST, ISO 27001, or GDPR. These frameworks define best practices for data protection, access management, and threat detection. The platform dynamically assigns and enforces these controls based on tenant-specific configurations, ensuring consistent security posture across all users. This approach reduces the risk of breaches and simplifies compliance audits by automating control validation and reporting. The system also supports custom frameworks, allowing organizations to integrate proprietary security policies. By centralizing control enforcement, the platform minimizes administrative overhead and improves visibility into security risks across the multi-tenant environment. This solution addresses the challenge of maintaining robust security in shared cloud infrastructures while accommodating diverse compliance requirements.
10. The multi-tenant security assurance platform of claim 1 , wherein said usage-tracking is used for the generation of one or both of a risk register and an information security program document for said tenant.
A multi-tenant security assurance platform monitors and tracks security-related usage data across multiple tenants within a shared system. The platform collects and analyzes usage data to assess security risks and compliance status for each tenant. This data is then used to generate a risk register, which documents identified security risks, their potential impact, and mitigation strategies. Additionally, the platform can produce an information security program document, outlining the tenant's security policies, procedures, and controls. These documents help tenants manage and improve their security posture by providing actionable insights and structured guidance. The platform ensures that each tenant's security data remains isolated and secure, maintaining confidentiality while enabling centralized monitoring and reporting. This approach allows organizations to proactively address security threats and demonstrate compliance with regulatory requirements. The generated documents serve as critical tools for risk management, audit preparation, and continuous security improvement.
11. The multi-tenant security assurance platform of claim 10 , wherein recommendations are provided in said generation of said risk register.
A multi-tenant security assurance platform is designed to assess and manage security risks across multiple organizations or tenants within a shared system. The platform generates a risk register, which is a centralized repository of identified security risks, vulnerabilities, and mitigation strategies. This risk register helps organizations prioritize and address security threats effectively. The platform provides recommendations during the generation of the risk register, offering actionable insights to improve security posture. These recommendations may include specific mitigation steps, best practices, or tools to address identified risks. The platform may also analyze historical data, industry benchmarks, or real-time threat intelligence to generate tailored recommendations for each tenant. By integrating these recommendations into the risk register, the platform enables organizations to proactively manage security risks and comply with regulatory requirements. The multi-tenant architecture allows the platform to scale across multiple organizations while maintaining isolation and customization for each tenant. This approach ensures that security assessments and recommendations are relevant to each organization's unique environment and risk profile. The platform may also support collaboration features, allowing security teams to share insights and coordinate responses across tenants. Overall, the platform enhances security risk management by providing automated, data-driven recommendations that help organizations mitigate threats efficiently.
12. A computer-implemented method executing computer-readable instructions by at least one microprocessor, said instructions stored in a non-transitory storage medium coupled to said at least one microprocessor, and said method comprising the steps of: (a) onboarding a tenant onto a multi-tenant software-as-a-service (SaaS) web-application; (b) performing usage-tracking of a plurality of information security (InfoSec) entities defined in said multi-tenant SaaS web-application, said plurality of InfoSec entities including one or more policies, one or more controls and one or more evidence tasks; (c) enforcing said one or more policies by implementing said one or more controls; (d) verifying said implementing by collecting said one or more evidence tasks in said multi-tenant SaaS web-application; (e) utilizing a readiness project for preparing said tenant for an audit project, said readiness project and said audit project defined in said multi-tenant SaaS web-application.
This invention relates to a computer-implemented method for managing information security (InfoSec) compliance in a multi-tenant software-as-a-service (SaaS) web application. The method addresses the challenge of efficiently onboarding tenants and ensuring compliance with security policies through automated tracking, enforcement, and verification processes. The method begins by onboarding a tenant onto the SaaS platform. Once onboarded, the system performs usage-tracking of various InfoSec entities, including policies, controls, and evidence tasks. Policies define security requirements, controls are mechanisms to enforce these policies, and evidence tasks are activities that verify compliance. The system enforces policies by implementing controls and verifies compliance by collecting evidence tasks within the SaaS application. Additionally, the method includes a readiness project to prepare the tenant for an audit project. Both projects are defined within the SaaS application, ensuring structured and automated compliance management. The readiness project helps tenants organize and prepare necessary documentation and processes before an official audit, streamlining the audit process and reducing compliance risks. The system automates tracking, enforcement, and verification, improving efficiency and accuracy in maintaining InfoSec compliance across multiple tenants.
13. The computer-implemented method of claim 12 , wherein at least one of said one or more policies comprises one or more procedures and wherein said implementing is also used for enforcing said one or more procedures.
This invention relates to computer-implemented methods for managing and enforcing policies within a system. The problem addressed is the need for a structured approach to define, implement, and enforce procedural policies in a way that ensures compliance and consistency across different system operations. The method involves defining one or more policies, where each policy includes specific procedures that dictate how certain actions or processes should be executed. These policies are then implemented within the system, and the same implementation mechanism is used to enforce the procedures defined within the policies. This dual functionality ensures that the policies are not only defined but also actively enforced, reducing the risk of non-compliance or inconsistent behavior. The system may include additional components, such as a policy management module that handles the creation, storage, and retrieval of policies, and an enforcement module that monitors system operations to ensure adherence to the defined procedures. The method may also involve dynamically updating policies in response to changes in system requirements or external regulations, ensuring ongoing compliance. By integrating policy definition and enforcement into a single framework, the invention provides a streamlined approach to governance, reducing complexity and improving reliability in policy management. This is particularly useful in environments where strict procedural compliance is required, such as financial systems, healthcare, or regulatory compliance frameworks.
14. The computer-implemented method of claim 12 linking said one or more policies, said one or more controls and said one or more evidence tasks to each other via a data-model.
This invention relates to a computer-implemented method for managing compliance and governance in an enterprise environment. The method addresses the challenge of ensuring that policies, controls, and evidence tasks are properly aligned and traceable within an organization's compliance framework. The system links these elements through a structured data model, enabling automated tracking and validation of compliance requirements. The method involves defining one or more policies, which represent regulatory or organizational rules that must be adhered to. These policies are associated with one or more controls, which are specific measures or procedures designed to enforce the policies. Additionally, one or more evidence tasks are created to gather and verify that the controls are being effectively implemented. The data model establishes relationships between these components, allowing for automated workflows, auditing, and reporting. By linking policies, controls, and evidence tasks in a unified data model, the system ensures that compliance activities are systematically managed. This approach reduces manual effort, minimizes errors, and provides a clear audit trail. The method supports dynamic updates to policies, controls, and evidence tasks, ensuring that the compliance framework remains current with regulatory changes. The system may also include features for role-based access, automated notifications, and integration with other enterprise systems to enhance efficiency and oversight.
15. The computer-implemented method of claim 14 sharing said one or more policies, said one or more controls and said one or more evidence tasks across a plurality of products of said tenant.
This invention relates to a computer-implemented method for managing and sharing governance, risk, and compliance (GRC) policies, controls, and evidence tasks across multiple products within a tenant's environment. The method addresses the challenge of maintaining consistent compliance and risk management practices across diverse products, reducing redundancy and ensuring alignment with regulatory requirements. The method involves defining one or more policies, controls, and evidence tasks within a centralized system. These elements are then shared and applied across a plurality of products associated with the tenant. The system ensures that the shared policies, controls, and evidence tasks are consistently enforced and monitored, allowing for streamlined compliance management. The method may also include tracking the status of evidence tasks, generating compliance reports, and providing alerts for non-compliance or deviations. By centralizing and sharing these GRC elements, the invention simplifies compliance workflows, reduces manual effort, and minimizes inconsistencies across different products. This approach is particularly useful in multi-product environments where maintaining uniform compliance standards is critical. The system may also support customization and adaptation of policies and controls to meet specific product requirements while maintaining overall compliance alignment.
16. The computer-implemented method of claim 12 , wherein said collecting in step (d) is performed via one or more integrations installed in said multi-tenant SaaS web-application for said tenant.
This invention relates to data collection within a multi-tenant Software-as-a-Service (SaaS) web application. The problem addressed is the need to efficiently gather data from multiple tenants (customers) in a scalable and secure manner without requiring manual intervention or custom development for each tenant. The solution involves integrating data collection mechanisms directly into the SaaS platform, allowing automated and tenant-specific data gathering. The method includes installing one or more integrations within the multi-tenant SaaS application for a specific tenant. These integrations are designed to collect data from various sources, such as user interactions, application logs, or external systems, while ensuring data isolation and security between tenants. The integrations are configured to operate within the SaaS environment, leveraging its existing infrastructure to minimize performance overhead and maintain compliance with tenant-specific data policies. This approach enables centralized data management while preserving the multi-tenant architecture's scalability and flexibility. The collected data can then be used for analytics, reporting, or further processing within the SaaS platform.
17. The computer-implemented method of claim 12 measuring a compliance of said tenant with one or more security frameworks including General Data Protection Regulation (GDPR), System and Organizational Controls (SOC) 2, National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), California Consumer Privacy Act (CCPA), International Organization for Standardization (ISO) 27001, Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standard (PCI DSS).
This invention relates to a computer-implemented method for measuring a tenant's compliance with multiple security frameworks, including GDPR, SOC 2, NIST CSF, CCPA, ISO 27001, HIPAA, and PCI DSS. The method addresses the challenge of assessing and ensuring adherence to diverse regulatory and industry standards in a unified manner. It involves evaluating the tenant's security practices against predefined criteria from each framework, identifying gaps, and generating compliance reports. The system may also track changes over time, provide remediation guidance, and support automated monitoring to maintain continuous compliance. By consolidating compliance assessments across multiple standards, the method simplifies regulatory oversight, reduces manual effort, and helps organizations meet legal and contractual obligations efficiently. The solution is particularly useful for cloud service providers, enterprises handling sensitive data, and organizations operating in regulated industries. The method may integrate with existing security tools to streamline compliance workflows and enhance visibility into security posture.
18. The computer-implemented method of claim 17 , wherein said one or more policies are prescribed in said one or more security frameworks.
This invention relates to computer-implemented methods for managing security policies within a computing environment. The problem addressed is the need for consistent and enforceable security policies across different systems and frameworks, ensuring compliance with regulatory or organizational standards. The method involves defining one or more security policies that are prescribed within one or more security frameworks. These frameworks provide structured guidelines or rules for security configurations, such as access controls, encryption requirements, or audit logging. The policies are then applied to computing resources, such as servers, applications, or network devices, to enforce the prescribed security measures. The method may also include monitoring the computing resources to verify compliance with the policies and generating alerts or reports if deviations are detected. The security frameworks may include industry standards (e.g., NIST, ISO), regulatory requirements (e.g., GDPR, HIPAA), or proprietary frameworks defined by an organization. The policies are dynamically applied based on the framework's specifications, ensuring that the computing environment adheres to the required security standards. This approach simplifies policy management by centralizing enforcement and reducing manual configuration errors. The method may also support policy updates or modifications as frameworks evolve, maintaining continuous compliance.
19. The computer-implemented method of claim 12 performing said collecting in step (d) by an AutoCollect Evidence Task Integration Module of said multi-tenant SaaS web-application.
This invention relates to a computer-implemented method for collecting evidence within a multi-tenant Software-as-a-Service (SaaS) web application. The method addresses the challenge of efficiently gathering and managing evidence across multiple tenants in a cloud-based environment, ensuring data integrity, security, and compliance with legal or regulatory requirements. The method involves a system that includes a multi-tenant SaaS web application with an AutoCollect Evidence Task Integration Module. This module is responsible for automating the collection of evidence from various sources within the application. The evidence may include user activities, transactions, logs, or other relevant data that must be preserved for auditing, legal, or compliance purposes. The module ensures that evidence is collected in a tamper-proof manner, maintaining its authenticity and reliability. The system also includes a task management component that schedules and coordinates the evidence collection process, ensuring that it is performed at the appropriate times and under the correct conditions. The collected evidence is then stored in a secure repository, where it can be accessed by authorized users for review or analysis. The method ensures that the evidence collection process is transparent, auditable, and compliant with industry standards. The invention is particularly useful in environments where multiple tenants share the same SaaS platform, as it provides a centralized and automated way to manage evidence collection without compromising tenant isolation or data security. This approach reduces the administrative burden on individual tenants while ensuring that all necessary evidence is systematically collected and preserved.
20. The computer-implemented method of claim 12 utilizing a screen capture capability for said collecting in said step (d).
The method of claim 12 collects evidence tasks to verify that controls are implemented; in this embodiment the collection uses a screen capture capability of the multi-tenant SaaS web-application. Where an integration cannot retrieve evidence automatically, a screenshot of the relevant system state is captured and attached to the evidence task as proof that the control is in place. The captured image is stored with the evidence task so that it is available to the readiness project and the audit project alongside evidence gathered through integrations.
March 3, 2021
March 22, 2022